API

WebfrontCore API Documentation

Complete reference for all WebfrontCore REST API endpoints.

---

Table of Contents

• Authentication
• Authorization Policies
• Controllers
  • AdminController
  • ClientController
  • ConfigurationController
  • ConsoleController
  • InformationController
  • InteractionController
  • NavigationController
  • PenaltyController
  • ServerController
  • StatsController
• Common Objects
• Sensitive Data Filtering
• Error Responses

---

Authentication

Cookie-based authentication using ASP.NET Core Identity.

1. Login: POST /api/client/{clientId}/login with password in body
2. Session cookie returned and required for authenticated requests
3. Logout: POST /logout

---

Authorization Policies

Policy	Description
Permissions.AuditPage.Read	View audit logs
Permissions.BanManagementPage.Read	View ban management data
Permissions.PrivilegedClientsPage.Read	View privileged clients list
Permissions.ConsolePage.Read	Execute console commands
Permissions.Penalty.Read	View penalties
Owner role	Full configuration access

---

Controllers

AdminController

Base Route: api/admin
Authorization: [Authorize] (all endpoints require authentication)

---

GET /api/admin/audit

Retrieve paginated audit log entries.

Parameter	Type	Location	Description
offset	int	Query	Items to skip (default: 0)
count	int	Query	Items to return (default: 50)
searchQuery	string	Query	Filter query
actionTypes	ChangeType[]	Query	Filter by action types
originId	int?	Query	Filter by admin ID
targetId	int?	Query	Filter by target ID
before	DateTime?	Query	Filter before date
after	DateTime?	Query	Filter after date

Authorization: Permissions.AuditPage.Read

Response: IList<AuditInfo>

---

GET /api/admin/bans

Retrieve paginated ban information.

Parameter	Type	Location	Description
offset	int	Query	Items to skip
count	int	Query	Items to return
clientName	string	Query	Filter by name
clientGuid	string	Query	Filter by GUID
clientId	int?	Query	Filter by client ID
clientIP	string	Query	Filter by IP

Authorization: Permissions.BanManagementPage.Read

Response: ResourceQueryHelperResult<BanInfo>

---

GET /api/admin/alerts

Retrieve all active alerts.

Response: IEnumerable<AlertState>

---

POST /api/admin/alerts/{id:guid}/dismiss

Dismiss a specific alert.

Parameter	Type	Location	Description
id	Guid	Route	Alert ID

Response: 200 OK

---

POST /api/admin/alerts/dismiss/all

Dismiss all alerts.

Response: 200 OK

---

GET /api/admin/reports

Retrieve all server reports.

Response: IEnumerable<ServerReportsInfo>

---

ClientController

Base Route: api/client

---

GET /api/client/search

Search for clients.

Parameter	Type	Location	Description
clientName	string	Query	Name to search
isExactClientName	bool	Query	Exact match
clientIp	string	Query	IP address
isExactClientIp	bool	Query	Exact IP match
clientGuid	string	Query	GUID/NetworkId
clientLevel	Permission	Query	Permission level
gameName	Game	Query	Game filter
clientConnected	DateTime?	Query	Connection date
direction	SortDirection	Query	Sort direction
sortColumn	string	Query	Sort column
offset	int	Query	Items to skip
count	int	Query	Items to return

Note: At least one search criteria required.

Response: IEnumerable<ClientResourceResponse>

---

GET /api/client/privileged

Retrieve privileged clients grouped by level.

Authorization: Permissions.PrivilegedClientsPage.Read

Response: Dictionary<Permission, IList<ClientInfo>>

---

GET /api/client/{clientId:int}

Retrieve basic client information.

Parameter	Type	Location	Description
clientId	int	Route	Client ID

Response: ClientInfoResult

---

GET /api/client/{clientId:int}/profile

Retrieve detailed client profile.

Parameter	Type	Location	Description
clientId	int	Route	Client ID
metaFilterType	MetaType?	Query	Filter meta type

Response: PlayerInfo

---

GET /api/client/{clientId:int}/meta

Retrieve paginated client metadata.

Parameter	Type	Location	Description
clientId	int	Route	Client ID
count	int	Query	Items to return
offset	int	Query	Items to skip
startAt	long?	Query	Unix timestamp start
metaType	MetaType?	Query	Filter type

Response: IEnumerable<BaseMetaResponse>

---

POST /api/client/{clientId:int}/login

Authenticate a client.

Parameter	Type	Location	Description
clientId	int	Route	Client ID
password	string	Body	Password or token

Request Body:

{ "password": "string" }

Response: 200 OK or 401 Unauthorized

---

POST /logout

Logout current user.

Response: 200 OK

---

ConfigurationController

Base Route: api/configuration
Authorization: [Authorize(Roles = "Owner")]

---

GET /api/configuration/files

List configuration files.

Response: IEnumerable<ConfigurationFileInfo>

---

POST /api/configuration/files/{fileName}

Save a configuration file.

Parameter	Type	Location	Description
fileName	string	Route	File name

Request Body:

{ "fileName": "string", "fileContent": "string" }

Response: 204 No Content

---

ConsoleController

Base Route: api/console

---

POST /api/console/execute

Execute a console command.

Authorization: Permissions.ConsolePage.Read

Request Body:

{ "serverId": "string", "command": "string" }

Response: IEnumerable<CommandResponseInfo>

---

InformationController

Base Route: api/information

---

GET /api/information/about

Retrieve community information and rules.

Response: AboutInfo

---

GET /api/information/help

Retrieve available commands.

Response: List<CommandGroupInfo>

---

GET /api/information/stats

Retrieve system statistics.

Response: SystemInfo

{
  "totalConnectedClients": 0,
  "totalClientSlots": 0,
  "totalTrackedClients": 0,
  "totalRecentClients": { "value": 0, "time": "...", "startAt": "...", "endAt": "..." },
  "maxConcurrentClients": { "value": 0, "time": "..." },
  "uptime": "00:00:00"
}

---

InteractionController

Base Route: api/interaction

---

GET /api/interaction/{interactionName}

Render a dynamic interaction.

Parameter	Type	Location	Description
interactionName	string	Route	Interaction ID
*	string	Query	Dynamic meta params

Response: InteractionResponse or 401 Unauthorized or 404 Not Found

---

NavigationController

Base Route: api/navigation

---

GET /api/navigation

Retrieve navigation menu data.

Response: NavigationInfo

---

PenaltyController

Base Route: api/penalty

---

GET /api/penalty

Retrieve paginated penalties.

Parameter	Type	Location	Default	Description
offset	int	Query	0	Items to skip
count	int	Query	30	Items to return
showOnly	PenaltyType	Query	Any	Filter type
ignoreAutomated	bool	Query	true	Exclude automated

Authorization: Permissions.Penalty.Read

Penalty Types: Any, Report, Warning, Flag, Kick, TempBan, Ban, Unban

Response: IList<PenaltyInfo>

---

POST /api/penalty/unban/{targetId:int}

Unban a client.

Parameter	Type	Location	Description
targetId	int	Route	Client ID
reason	string	Body	Unban reason

Authorization: Authenticated

Request Body:

{ "reason": "string" }

Response: { "message": "string" }

---

ServerController

Base Route: api/server

---

GET /api/server

Retrieve all servers.

Parameter	Type	Location	Description
game	Game?	Query	Filter by game

Response: IEnumerable<ServerInfo>

---

GET /api/server/{id}

Retrieve a specific server.

Parameter	Type	Location	Description
id	string	Route	Server ID

Response: ServerInfo or 404 Not Found

---

GET /api/server/{id}/scoreboard

Retrieve server scoreboard.

Parameter	Type	Location	Description
id	string	Route	Server ID

Response: ScoreboardInfo

---

GET /api/server/{id}/history

Retrieve client history.

Parameter	Type	Location	Description
id	string	Route	Server ID

Response: IEnumerable<ClientCountSnapshot>

---

GET /api/server/parsers

Retrieve available RCon and Event parser names.

Response: IEnumerable<string>

---

POST /api/server

Dynamically add a server at runtime.

Authorization: Owner role required

Request Body:

{
  "ipAddress": "192.168.1.100",
  "port": 28960,
  "password": "rcon_password",
  "rConParserVersion": "IW4",
  "eventParserVersion": "IW4",
  "persistToConfiguration": false,
  "customHostname": "My Server",
  "gameLogServerUrl": null,
  "manualLogPath": null,
  "reservedSlotNumber": 0
}

Field	Type	Required	Description
ipAddress	string	Yes	Server IP address
port	int	Yes	RCON port
password	string	Yes	RCON password
rConParserVersion	string	Yes	Parser name (e.g., "IW4", "T6")
eventParserVersion	string	Yes	Event parser name
persistToConfiguration	bool	No	Save to config file (default: true)
customHostname	string	No	Custom display name
gameLogServerUrl	string	No	Remote log server URL
manualLogPath	string	No	Local log path
reservedSlotNumber	int	No	Reserved slots

Response (200 OK):

{
  "serverId": "192.168.1.100:28960",
  "hostname": "My Server",
  "game": "IW4",
  "persisted": false
}

Error Response (400 Bad Request):

{ "messages": ["Server already exists", "Invalid parser version"] }

---

DELETE /api/server/{id}

Remove a server at runtime.

Authorization: Owner role required

Parameter	Type	Location	Description
id	string	Route	Server ID (IP:Port format)
shouldPersist	bool	Query	Remove from config file (default: true)

Response: 204 No Content or 404 Not Found

---

StatsController

Base Route: api/stats

---

GET /api/stats/{clientId:int}/advanced

Retrieve advanced client statistics.

Parameter	Type	Location	Description
clientId	int	Route	Client ID
serverId	string?	Query	Server filter

Response: AdvancedStatsInfo or 404 Not Found

---

GET /api/stats/top

Retrieve top players.

Parameter	Type	Location	Default	Description
count	int	Query	25	Number of players
offset	int	Query	0	Items to skip
serverId	string?	Query	—	Server filter

Response: TopStatsResponse

---

GET /api/stats/{clientId:int}

Retrieve client statistics.

Parameter	Type	Location	Description
clientId	int	Route	Client ID

Response: IList<StatsInfoResult>

---

GET /api/stats/message/context

Retrieve chat context around a timestamp.

Parameter	Type	Location	Description
serverId	string	Query	Server ID
when	long	Query	Unix timestamp

Response: List<MessageResponse>

---

GET /api/stats/message/search

Search chat messages.

Parameter	Type	Location	Description
messageContains	string	Query	Search text
isExactMatch	bool	Query	Exact match
clientId	int?	Query	Client filter
serverId	string?	Query	Server filter
sentAfter	DateTime?	Query	After date
sentBefore	DateTime?	Query	Before date
direction	SortDirection	Query	Sort direction
offset	int	Query	Items to skip
count	int	Query	Items to return

Response: ResourceQueryHelperResult<MessageResponse>

---

GET /api/stats/penalty/{penaltyId:int}/context

Retrieve automated penalty context.

Parameter	Type	Location	Description
penaltyId	int	Route	Penalty ID

Authorization: Permissions.BanManagementPage.Read

Response: List<Dictionary<string, string>> or 404 Not Found

---

Common Objects

Game Enum

Value	Description
IW3	Call of Duty 4: Modern Warfare
IW4	Call of Duty: Modern Warfare 2
IW5	Call of Duty: Modern Warfare 3
IW6	Call of Duty: Ghosts
T4	Call of Duty: World at War
T5	Call of Duty: Black Ops
T6	Call of Duty: Black Ops 2
T7	Call of Duty: Black Ops 3
SHG1	Call of Duty: Advanced Warfare
H1	Call of Duty 4: Remastered
H2M	H2M-Mod

Permission Enum

Value	Level
Banned	-1
User	0
Flagged	1
Trusted	2
Moderator	3
Administrator	4
SeniorAdmin	5
Owner	6
Console	7

SortDirection Enum

Value	Description
Ascending	Oldest first
Descending	Newest first

---

Sensitive Data Filtering

Fields are filtered based on user permissions:

Permission	Filtered Fields
ClientIPAddress.Read	IP addresses
ClientGuid.Read	NetworkId/GUID
ClientLevel.Read	Permission levels (defaults to "User")

---

Error Responses

ErrorResponse

{ "messages": ["Error message 1", "Error message 2"] }

HTTP Status Codes

Code	Description
200	Success
204	Success (no content)
400	Bad Request
401	Unauthorized
403	Forbidden
404	Not Found
500	Internal Server Error